BLOG

The talent shortage in cybersecurity has reached critical levels and healthcare organizations are struggling to find and retain qualified personnel. Our team here at Meditology has seen a significant uptick in placing our virtual CISO (vCISO), CISO as a Service, and Staff Augmentation resources out at clients who are struggling to find, place, and train the cyber talent. This blog post provides a collection of best practices for establishing a world-class cybersecurity program using virtual or traditional security staffing models. Read More

One of the many, many things we’ve learned over the last year or more of living and working through a pandemic, is that cybersecurity needs to evolve with the changing threat landscape. Likewise, the regulatory landscape and the security related frameworks we rely upon must attempt to keep pace. HITRUST is no exception as they seek to constantly evolve and update the HITRUST CSF, certifications, and processes. Read More

The FDA has announced a plan to improve cybersecurity practices for medical devices in response to the White House’s effort to bolster cybersecurity across the supply chain. Kevin Fu, acting director of medical device cybersecurity at the FDA’s Center for Devices and Radiological Health, has warned of cyber-attacks not just affecting technology that stores and processes data, but also affecting technology directly responsible for patient health. Read More

The PCI Security Standards Council has announced detailed timelines for the release of the much-anticipated PCI DSS version 4.0. Due to the scale and extent of the changes, the council is now targeting Q2 2022 for formal publication of the new framework. This blog post provides additional details about the timing of version 4.0 and its implications for healthcare entities. Read More

The CyberPHIx podcast is a quick source for keeping up with the latest cybersecurity news, trends and industry leading practices, specifically for the healthcare industry. For those who don’t quite have the time to binge-listen through the entire catalog, we have compiled some highlights from our guests on a focused set of topics. We will be releasing these as our "Healthcare CISOs Sound Off" blog series in several installments. The topic of our second blog is risk reporting and engaging with the business. Read More

I have been hosting The CyberPHIx for over three years now. During that time, I have had the honor and privilege to speak with some of the healthcare industry’s most innovative thought leaders and experts in cybersecurity, privacy, compliance, and risk. For those who don’t quite have the time to binge-listen through the entire catalog, we have compiled some highlights from our guests on a focused set of topics. We will be releasing these as our "Healthcare CISOs Sound Off" blog series in several installments. The topic for our first blog is Medical Device Security. Read More

On April 15th 2021, HITRUST® announced a new reservation system for scheduling quality assurance for validated assessments. For all validated assessments submitted on or before June 30th 2021, HITRUST will continue to process on a first come, first served basis. Any assessments that will be submitted on or after July 1st 2021, will require Assessed Entities to schedule the start of quality assurance (QA) procedures within the HITRUST MyCSF® platform. Read More